incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alejandro Caceres <>
Subject Re: New Project?
Date Tue, 02 Jul 2019 20:59:54 GMT
Hi Matt,

Thanks for the response. You are sort of correct, I would say the end goal
is a service - an open source engine that is able to grab and ingest this
highly unstructured security information and turn it into something useful
- then provide that back to the user in a few different forms. One would be
a web services API for general use exposed to the Internet (a service, like
you said), and another would be a series of command line tools and
libraries that others can use to ingest this information easily. the third
goal would be: not only is the code open source, but all data used in the
application is available itself, so this could easily be used to run a
personal node of this information for an organization, is simply
my instance that I expose to the Internet at large for those that don't
want to run a "full node". If that is more palatable to the ASF I'm glad to
make that the focus. In other words: I'm not married to any model here.

I knew coming in that it's a bit unconventional for Apache, but, I think,
it is a unique and powerful project that would increase engagement from the
infosec community in which I personally, as well as my R&D company have
some good visibility from. In other words, just testing the waters to see
how this is received by ASF :).


On Tue, Jul 2, 2019 at 3:44 PM Matt Sicker <> wrote:

> I'm a little unclear about the scope of the project here. This project
> looks more like a service, and I don't know of any ASF projects that
> exist to provide services outside the ASF.
> On Tue, 2 Jul 2019 at 14:28, Alejandro Caceres
> <> wrote:
> >
> > Hey Folks,
> >
> > I'm interested in submitting a project as a seedling and am looking
> exactly
> > where to start. The project is already off the ground, being used by
> many,
> > is stable, reasonably mature (it's in alpha release), open source, and
> > already Apache licensed. I've been looking at a lot of resources to how
> > best to submit this to Apache and from what I understand I need to:
> >
> > Find a "champion/mentor" for the project and a "sponsor" -> submit an
> > incubator application -> wait (or do i submit for a vote on general@?)
> ->
> > ... -> profit :)
> >
> > For a bit more context, my project is or
> > This project aggregates and
> makes
> > searchable database leaks and other information security data that is
> easy
> > for attackers to find (they have blackhat and underground resources) but
> > difficult for security professionals trying to defend their network (they
> > cannot buy stolen data, are not plugged into the blackhat hacker
> community,
> > and frankly generally don't know "where to start"). The Scylla engine
> aims
> > to even the playing field by making this data available and completely
> free
> > for everyone. The feed is meant to power threat intelligence engines to
> aid
> > in the defense of both large corporate networks, but also be accessible
> to
> > an average user who wants to check what information of theirs has been
> > leaked. It's a passion project of mine and have been working on it for
> > several months already. We have several terabytes of data and good
> > attention from the infosec community.
> >
> > Anyway, sorry for the brain dump above, but I suppose I should mainly
> ask -
> > where do I go from here? Do I simply ask this mailing list if there is a
> > sponsor and champion willing to bring this in as a podling?
> >
> > Thanks!
> > Alex
> >
> >
> >
> > --
> > ___
> >
> > Alejandro Caceres
> > Hyperion Gray, LLC
> > Owner/CTO
> --
> Matt Sicker <>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:


Alejandro Caceres
Hyperion Gray, LLC

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message